On Wed, Jun 4, 2008 at 2:11 PM, Aidan Skinner <[EMAIL PROTECTED]> wrote:
> The classes do when used directly, but not when called from the SASL > CRAM-MD5 implementation. I've been digging through the OpenJDK source > but haven't yet come up with a reason why. I suspect we're doing > something broken somewhere in our implementation, possibly to do with > collapsing or not collapsing keys > 64 bytes. I tried the following bit of python as a tie breaker: #!/usr/bin/python import hmac password = chr(0x08)+chr(0x4e)+chr(0x03)+chr(0x43)+chr(0xa0)+chr(0x48)+chr(0x6f)+chr(0xf0)+chr(0x55)+chr(0x30)+chr(0xdf)+chr(0x6c)+chr(0x70)+chr(0x5c)+chr(0x8b)+chr(0xb4) print password challenge = "<[EMAIL PROTECTED]>" print hmac.HMAC(password, challenge).hexdigest() And it produces the same answer as the .Net implementation, and differs from the brokers implementation. Joy to the world. - Aidan -- aim/y!:aidans42 g:[EMAIL PROTECTED] http://aidan.skinner.me.uk/ "We belong to nobody and nobody belongs to us. We don't even belong to each other."
